[opensuse] How can I share photos in Internet, with control?
Hi,

I'd like to share some photos and videos with few persons, but only with those persons.

I'm using Google Photos. With that, I can share with a person; but what google does is send him the link, but once the link is known everybody in Internet can see the photos. Yes, it is a long and obscure link, but still... I do not feel "safe". A spider might find it, right?

So looking at alternatives. Some other service out there? (gratis preferably)

Maybe Google drive, perhaps?

I might host them myself. I have a minimal Linux server accessible from Internet. Now, what software, just Apache? Maybe too much work, maybe there is already something out there for the job.

Apache has a complication: I have to differentiate the internal LAN web from Internet web. And I think it has to be based on the port. Why do I say that? Look, how ssh from internet is seen on that machine:

<4.6> 2019-12-28T12:39:27.676655+01:00 Isengard sshd 7941 - - Accepted publickey for cer from 192.168.1.1 port ... ssh2: RSA SHA256:...

All outside connections seem to come from the router. I never know the IP they come from (not even in the router log).

Ideas? :-)

--
Cheers

Carlos E. R.
(from 15.1 x86_64 at Telcontar)

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org

On 28/12/2019 at 12:56, Carlos E. R. wrote:
I'd like to share some photos and videos with few persons, but only with those persons.
:-)
I'm using Google Photos. With that, I can share with a person; but what google does is send him the link,
yes
but once the link is known everybody in
Internet can see the photos. Yes, it is a long and obscure link, but still... I do not feel "safe". A spider might find it, right?
no. It can only be found if the receiver also sends the link to other people. I guess you can also set a passwd and a time limit (Nextcloud does, I dunno for google)
So looking at alternatives. Some other service out there? (gratis preferably)
Maybe Google drive, perhaps?
same thing
I might host them myself. I have a minimal Linux server accessible from Internet. Now, what software, just Apache? Maybe too much work, maybe there is already something out there for the job.
a gallery? Piwigo?
http://dodin.org/piwigo/index.php
you have a full passwd setup, but may be overkill for only small use, else apache and .htaccess...
Apache has a complication: I have to differentiate the internal LAN web
I don't understand. Is your server accessible from the net?

jdd
--
http://dodin.org
On 28/12/2019 07:05, jdd@dodin.org wrote:
a gallery? Piwigo?
http://dodin.org/piwigo/index.php
you have a full passwd setup, but may be overkill for only small use, else apache and .htaccess...
Yes, a very flexible setup. But as he says, it may be overkill if you are just doing a handful of stuff.

--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?
On 28/12/2019 13.05, jdd@dodin.org wrote:
On 28/12/2019 at 12:56, Carlos E. R. wrote:
I'd like to share some photos and videos with few persons, but only with those persons.
:-)
I'm using Google Photos. With that, I can share with a person; but what google does is send him the link,
yes
but once the link is known everybody in
Internet can see the photos. Yes, it is a long and obscure link, but still... I do not feel "safe". A spider might find it, right?
no. It can only be found if the receiver send also the link to an other people. I guess you can also set a passwd and a time limit (nexcloud do, I dunno for google)
No, no password setup in Google Photos.
So looking at alternatives. Some other service out there? (gratis preferably)
Maybe Google drive, perhaps?
same thing
I have not tried, but I thought the receiver has to be logged in.
I might host them myself. I have a minimal Linux server accessible from Internet. Now, what software, just Apache? Maybe too much work, maybe there is already something out there for the job.
a gallery? Piwigo?
http://dodin.org/piwigo/index.php
you have a full passwd setup, but may be overkill for only small use,
Overkill it seems, yes...

<https://en.wikipedia.org/wiki/Piwigo>

But there are no alternatives:

<https://en.wikipedia.org/wiki/Comparison_of_photo_gallery_software>

jAlbum -> Proprietary
Gallery Project -> discontinued
MediaGoblin AGPLv3
Piwigo GPL

<https://en.wikipedia.org/wiki/MediaGoblin>

Last release was made in 2016. May be overkill as well.
else apache and .htaccess...
.htaccess will not work, I don't get to know the IP of the incoming connection. All report MY router address.
Apache has a complication: I have to differentiate the internal LAN web
I don't understand. Is your server accessible from the net?
Once I open the access to it in the router, yes. At this moment, no.

I do not want people to have access to what Apache is currently serving to my LAN. I want people coming from Internet to see a different web page and not have access to the internal page, and perhaps using different settings, more secure.

--
Cheers / Saludos,

Carlos E. R.
(from 15.1 x86_64 at Telcontar)

On 28/12/2019 at 13:24, Carlos E.R. wrote:
Once I open the access to it in the router, yes. At this moment, no.
I do not want people to have access to what Apache is currently serving to my LAN. I want people coming from Internet to see a different web page and not have access to the internal page, and perhaps using different settings, more secure.
should not be that difficult, with apache virtual server, one server several web sites

don't you have some web space with your net provider??

--
http://dodin.org

On 28/12/2019 13.29, jdd@dodin.org wrote:
On 28/12/2019 at 13:24, Carlos E.R. wrote:
Once I open the access to it in the router, yes. At this moment, no.
I do not want people to have access to what Apache is currently serving to my LAN. I want people coming from Internet to see a different web page and not have access to the internal page, and perhaps using different settings, more secure.
should not be that difficult, with apache virtual server, one server several web sites
Do you know of a howto for dummies? :-D
don't you have some web space with your net provider??
Nope. In the past it was something like 100Mb, and later they killed it completely.

--
Cheers / Saludos,

Carlos E. R.
(from 15.1 x86_64 at Telcontar)

On Saturday 28 December 2019 13:40:25 CET, Carlos E. R. wrote:
On 28/12/2019 13.29, jdd@dodin.org wrote:
On 28/12/2019 at 13:24, Carlos E.R. wrote:
Once I open the access to it in the router, yes. At this moment, no.
I do not want people to have access to what Apache is currently serving to my LAN. I want people coming from Internet to see a different web page and not have access to the internal page, and perhaps using different settings, more secure.
should not be that difficult, with apache virtual server, one server several web sites
Do you know of a howto for dummies? :-D
If you want I can share the apache setup ( multi domain ) from my VPS. The nextcloud docs are straight forward too.
don't you have some web space with your net provider??
Nope. In the past it was something like 100Mb, and later they killed it completely.
-- Cheers / Saludos,
Carlos E. R. (from 15.1 x86_64 at Telcontar)
--
Gertjan Lettink a.k.a. Knurpht
openSUSE Board Member
openSUSE Forums Team

On 28/12/2019 13.57, Knurpht-openSUSE wrote:
On Saturday 28 December 2019 13:40:25 CET, Carlos E. R. wrote:
On 28/12/2019 13.29, jdd@dodin.org wrote:
On 28/12/2019 at 13:24, Carlos E.R. wrote:
Once I open the access to it in the router, yes. At this moment, no.
I do not want people to have access to what Apache is currently serving to my LAN. I want people coming from Internet to see a different web page and not have access to the internal page, and perhaps using different settings, more secure.
should not be that difficult, with apache virtual server, one server several web sites
Do you know of a howto for dummies? :-D
If you want I can share the apache setup ( multi domain ) from my VPS. The nextcloud docs are straight forward too.
Sure, thanks :-)

--
Cheers / Saludos,

Carlos E. R.
(from 15.1 x86_64 at Telcontar)

On 28/12/2019 14.20, Carlos E. R. wrote:
On 28/12/2019 13.57, Knurpht-openSUSE wrote:
On Saturday 28 December 2019 13:40:25 CET, Carlos E. R. wrote:
On 28/12/2019 13.29, jdd@dodin.org wrote:
On 28/12/2019 at 13:24, Carlos E.R. wrote:
Once I open the access to it in the router, yes. At this moment, no.
I do not want people to have access to what Apache is currently serving to my LAN. I want people coming from Internet to see a different web page and not have access to the internal page, and perhaps using different settings, more secure.
should not be that difficult, with apache virtual server, one server several web sites
Do you know of a howto for dummies? :-D
If you want I can share the apache setup ( multi domain ) from my VPS. The nextcloud docs are straight forward too.
Sure, thanks :-)
Thanks, got it. I will read it later, now it is past lunch time :-)

I see yours is ip based. That will not work in my setup, because the router erases that information, packets are changed to "come" from my router. My server does not see the outside address. But I'll try anyway and verify if that is still the case for http as it is for ssh.

But I see you do:

<VirtualHost *:443>

And that can work, based on the port.

--
Cheers / Saludos,

Carlos E. R.
(from 15.1 x86_64 at Telcontar)
On 28/12/2019 07:57, Knurpht-openSUSE wrote:
Do you know of a howto for dummies? :-D
If you want I can share the apache setup ( multi domain ) from my VPS. The nextcloud docs are straight forward too.
Sounds complicated.

My O'Reilly books from long before ISPs were doing VPS tells how, and I was doing this back in the last century anyway.

--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?
On 28/12/2019 09:12, Anton Aylward wrote:
On 28/12/2019 07:57, Knurpht-openSUSE wrote:
Do you know of a howto for dummies? :-D
If you want I can share the apache setup ( multi domain ) from my VPS. The nextcloud docs are straight forward too.
Sounds complicated.
My O'Reilly books from long before ISPs were doing VPS tells how, and I was doing this back in the last century anyway.
http://www.linuxandubuntu.com/home/how-to-create-virtual-hosts-on-apache-ser...

Now if you are inside of a NAT and have only a single IP address exposed to the web at large, you are going to have to stack the listening/return in a manner that works.

Incoming it is <yourIP>:<port> where the port is for each virtual host, and the NAT maps the port to a LAN address of the virtual host. Every NAT server I've met has that capability. Somehow. Outgoing has to be remapped. I can't remember how to do that, I'll have to look it up. Please wait.

--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?

On 28/12/2019 at 15:42, Anton Aylward wrote:
Now if you are inside of a NAT and have only a single IPaddress exposed to the web at large, you are going to have to stack the listening/return in a manner that works.
there is no need to have several IP to have apache virtual hosts, you only use names!

If I read well, Carlos can redirect calls on his router. If so one redirect is enough, and use of subdomain

http://www.dodin.org/wiki/pmwiki.php?n=Doc.InstallingApache2019

and no, people accessing apache are not allowed to browse the network

jdd
--
http://dodin.org
On 28/12/2019 15.42, Anton Aylward wrote:
On 28/12/2019 09:12, Anton Aylward wrote:
On 28/12/2019 07:57, Knurpht-openSUSE wrote:
Do you know of a howto for dummies? :-D
If you want I can share the apache setup ( multi domain ) from my VPS. The nextcloud docs are straight forward too.
Sounds complicated.
My O'Reilly books from long before ISPs were doing VPS tells how, and I was doing this back in the last century anyway.
http://www.linuxandubuntu.com/home/how-to-create-virtual-hosts-on-apache-ser...

Thanks :-)

Mmmm.... It says “Move to the directory called /etc/apache2/sites-available”. Well, does not exist on openSUSE. I doubt if the rest of the howto applies.

Maybe it is the same as "/etc/apache2/vhosts.d" we have. [...] Done.

Says:

«Step 4
Just edit your hosts file and match your virtual host domain to your localhost IP (127.0.0.1).»

No, I can not do that, or I will not be able to reach my external IP.

«Step 5
Enable the virtual host site by typing in the following command –Enable Virtual hostYou will then be asked to restart apache –Restart Apache Server»

I don't understand what command is that. And I assume it will be different on openSUSE. Don't we have a wiki page on this?

Well, we do have an apache2 portal, but virtual hosting is not one of the entries! Ah, there is a section:

<https://en.opensuse.org/SDB:Apache_installation#Virtual_Hosts>

It appears I just need to restart the daemon.

[...]

And add entry to firewall.

Not enough, I get "connection rejected". Nothing in apache logs.

[...]

Needs /etc/apache2/listen.conf:

Listen 50000

Now I get on browser: "Error reading from socket". I get entries in access_log and error_log, nothing on the vhost log (they have zero bytes)

access_log:

192.168.1.1 - - [28/Dec/2019:20:30:21 +0100] "GET / HTTP/1.1" 200 710 "-" "Links (2.20.1; Linux 4.12.14-lp151.28.36-default x86_64; GNU C 7.4.1; text)"

error_log:

[Sat Dec 28 20:30:21.288080 2019] [apparmor:warn] [pid 21226] (1)Operation not permitted: [client 192.168.1.1:41238] aa_change_hatv call failed
[Sat Dec 28 20:30:21.288688 2019] [apparmor:error] [pid 21226] (1)Operation not permitted: [client 192.168.1.1:41238] Failed to change_hat to 'HANDLING_UNTRUSTED_INPUT'
[Sat Dec 28 20:30:21.290913 2019] [apparmor:warn] [pid 21227] (1)Operation not permitted: [client 192.168.1.1:41240] aa_change_hatv call failed
[Sat Dec 28 20:30:21.291597 2019] [apparmor:error] [pid 21227] (1)Operation not permitted: [client 192.168.1.1:41240] Failed to change_hat to 'HANDLING_UNTRUSTED_INPUT'
[Sat Dec 28 20:30:21.294959 2019] [apparmor:warn] [pid 21229] (1)Operation not permitted: [client 192.168.1.1:41242] aa_change_hatv call failed
[Sat Dec 28 20:30:21.295496 2019] [apparmor:error] [pid 21229] (1)Operation not permitted: [client 192.168.1.1:41242] Failed to change_hat to 'HANDLING_UNTRUSTED_INPUT'

I don't understand any of that :-(

Isengard:~ # aa-logprof
Reading log entries from /var/log/audit/audit.log.
Updating AppArmor profiles in /etc/apparmor.d.
Enforce-mode changes:

Isengard:~ #

Besides that, the "local" web page now does not work in the LAN. My apache is now fully broken:

192.168.1.14 - - [28/Dec/2019:20:37:42 +0100] "GET / HTTP/1.1" 200 710 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"

[Sat Dec 28 20:37:02.922865 2019] [apparmor:warn] [pid 21231] (1)Operation not permitted: [client 192.168.1.14:33162] aa_change_hatv call failed
[Sat Dec 28 20:37:02.923631 2019] [apparmor:error] [pid 21231] (1)Operation not permitted: [client 192.168.1.14:33162] Failed to change_hat to 'HANDLING_UNTRUSTED_INPUT'
[Sat Dec 28 20:37:07.637442 2019] [apparmor:warn] [pid 21228] (1)Operation not permitted: [client 192.168.1.14:33166] aa_change_hatv call failed
[Sat Dec 28 20:37:07.638021 2019] [apparmor:error] [pid 21228] (1)Operation not permitted: [client 192.168.1.14:33166] Failed to change_hat to 'HANDLING_UNTRUSTED_INPUT'
[Sat Dec 28 20:37:42.082109 2019] [apparmor:warn] [pid 21226] (1)Operation not permitted: [client 192.168.1.14:33202] aa_change_hatv call failed
[Sat Dec 28 20:37:42.082592 2019] [apparmor:error] [pid 21226] (1)Operation not permitted: [client 192.168.1.14:33202] Failed to change_hat to 'HANDLING_UNTRUSTED_INPUT'
Now if you are inside of a NAT and have only a single IPaddress exposed to the web at large, you are going to have to stack the listening/return in a manner that works.
Incoming it is <yourIP>:<port> where the port is for each virtual host. and the NAT maps the port to a LAN address of the virtual host. Every NAT server I've met has that capability. Somehow. Outgoing has to be remapped. I can't remember how to do that, I'll have to look it up. Please wait.
Can I differentiate on the port only? Because that's trivial: the router does it.

Perhaps:

<VirtualHost 192.168.1.1:10000>

Would be the external

<VirtualHost 192.168.1.*:*>

Would be the internal. But I also have other daemons listening on other ports, like "kodi", would that interfere? [...] No, kodi is working.

Current configuration:

/etc/apache2/vhosts.d/dyn.dns.conf:

<VirtualHost 192.168.1.1:50000>
    ServerAdmin webmaster@localhost
    ServerName dyn.dns

    DocumentRoot /data/waterhoard/vhosts/dyn.dns/htdocs

    ErrorLog /var/log/apache2/dyn.dns-error_log
    CustomLog /var/log/apache2/dyn.dns-access_log combined

    HostnameLookups Off
    UseCanonicalName Off
    ServerSignature On

    ScriptAlias /cgi-bin/ "/data/waterhoard/vhosts/dyn.dns/cgi-bin"

    <Directory "/data/waterhoard/vhosts/dyn.dns/cgi-bin">
        AllowOverride None
        Options +ExecCGI -Includes
        <IfModule !mod_access_compat.c>
            Require all granted
        </IfModule>
        <IfModule mod_access_compat.c>
            Order allow,deny
            Allow from all
        </IfModule>
    </Directory>

    <Directory "/data/waterhoard/vhosts/dyn.dns/htdocs">
        Options Indexes FollowSymLinks
        AllowOverride None
        #
        # Controls who can get stuff from this server.
        #
        <IfModule !mod_access_compat.c>
            Require all granted
        </IfModule>
        <IfModule mod_access_compat.c>
            Order allow,deny
            Allow from all
        </IfModule>
    </Directory>
</VirtualHost>

--
Cheers / Saludos,

Carlos E. R.
(from 15.1 x86_64 at Telcontar)

On Saturday 28 December 2019 20:54:09 CET, Carlos E. R. wrote:
On 28/12/2019 15.42, Anton Aylward wrote:
On 28/12/2019 09:12, Anton Aylward wrote:
On 28/12/2019 07:57, Knurpht-openSUSE wrote:
Do you know of a howto for dummies? :-D
If you want I can share the apache setup ( multi domain ) from my VPS. The nextcloud docs are straight forward too.
Sounds complicated.
My O'Reilly books from long before ISPs were doing VPS tells how, and I was doing this back in the last century anyway.
http://www.linuxandubuntu.com/home/how-to-create-virtual-hosts-on-apache-server-to-host-multiple-websites
Thanks
:-)
Mmmm.... It says “Move to the directory called /etc/apache2/sites-available”. Well, does not exist on openSUSE. I doubt if the rest of the howto applies.
Maybe it is the same as "/etc/apache2/vhosts.d" we have. [...] Done.
Says:
«Step 4
Just edit your hosts file and match your virtual host domain to your localhost IP (127.0.0.1).»
No, I can not do that, or I will not be able to reach my external IP.
«Step 5
Enable the virtual host site by typing in the following command –Enable Virtual hostYou will then be asked to restart apache –Restart Apache Server»
I don't understand what command is that. And I assume it will be different on openSUSE. Don't we have a wiki page on this?
Well, we do have an apache2 portal, but virtual hosting is not one of the entries! Ah, there is a section:
<https://en.opensuse.org/SDB:Apache_installation#Virtual_Hosts>
It appears I just need to restart the daemon.
[...]
And add entry to firewall.
Not enough, I get "connection rejected". Nothing in apache logs.
[...]
Needs /etc/apache2/listen.conf:
Listen 50000
Now I get on browser: "Error reading from socket". I get entries in access_log and error_log, nothing on the vhost log (they have zero bytes)
access_log:
192.168.1.1 - - [28/Dec/2019:20:30:21 +0100] "GET / HTTP/1.1" 200 710 "-" "Links (2.20.1; Linux 4.12.14-lp151.28.36-default x86_64; GNU C 7.4.1; text)"
error_log:
[Sat Dec 28 20:30:21.288080 2019] [apparmor:warn] [pid 21226] (1)Operation not permitted: [client 192.168.1.1:41238] aa_change_hatv call failed
[Sat Dec 28 20:30:21.288688 2019] [apparmor:error] [pid 21226] (1)Operation not permitted: [client 192.168.1.1:41238] Failed to change_hat to 'HANDLING_UNTRUSTED_INPUT'
[Sat Dec 28 20:30:21.290913 2019] [apparmor:warn] [pid 21227] (1)Operation not permitted: [client 192.168.1.1:41240] aa_change_hatv call failed
[Sat Dec 28 20:30:21.291597 2019] [apparmor:error] [pid 21227] (1)Operation not permitted: [client 192.168.1.1:41240] Failed to change_hat to 'HANDLING_UNTRUSTED_INPUT'
[Sat Dec 28 20:30:21.294959 2019] [apparmor:warn] [pid 21229] (1)Operation not permitted: [client 192.168.1.1:41242] aa_change_hatv call failed
[Sat Dec 28 20:30:21.295496 2019] [apparmor:error] [pid 21229] (1)Operation not permitted: [client 192.168.1.1:41242] Failed to change_hat to 'HANDLING_UNTRUSTED_INPUT'
I don't understand any of that :-(
Isengard:~ # aa-logprof
Reading log entries from /var/log/audit/audit.log.
Updating AppArmor profiles in /etc/apparmor.d.
Enforce-mode changes:

Isengard:~ #
Besides that, the "local" web page now does not work in the LAN. My apache is now fully broken:
192.168.1.14 - - [28/Dec/2019:20:37:42 +0100] "GET / HTTP/1.1" 200 710 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
[Sat Dec 28 20:37:02.922865 2019] [apparmor:warn] [pid 21231] (1)Operation not permitted: [client 192.168.1.14:33162] aa_change_hatv call failed
[Sat Dec 28 20:37:02.923631 2019] [apparmor:error] [pid 21231] (1)Operation not permitted: [client 192.168.1.14:33162] Failed to change_hat to 'HANDLING_UNTRUSTED_INPUT'
[Sat Dec 28 20:37:07.637442 2019] [apparmor:warn] [pid 21228] (1)Operation not permitted: [client 192.168.1.14:33166] aa_change_hatv call failed
[Sat Dec 28 20:37:07.638021 2019] [apparmor:error] [pid 21228] (1)Operation not permitted: [client 192.168.1.14:33166] Failed to change_hat to 'HANDLING_UNTRUSTED_INPUT'
[Sat Dec 28 20:37:42.082109 2019] [apparmor:warn] [pid 21226] (1)Operation not permitted: [client 192.168.1.14:33202] aa_change_hatv call failed
[Sat Dec 28 20:37:42.082592 2019] [apparmor:error] [pid 21226] (1)Operation not permitted: [client 192.168.1.14:33202] Failed to change_hat to 'HANDLING_UNTRUSTED_INPUT'
Now if you are inside of a NAT and have only a single IPaddress exposed to the web at large, you are going to have to stack the listening/return in a manner that works.
Incoming it is <yourIP>:<port> where the port is for each virtual host. and the NAT maps the port to a LAN address of the virtual host. Every NAT server I've met has that capability. Somehow. Outgoing has to be remapped. I can't remember how to do that, I'll have to look it up. Please wait.
Can I differentiate on the port only? Because that's trivial: the router does it.
Perhaps:
<VirtualHost 192.168.1.1:10000>
Would be the external
<VirtualHost 192.168.1.*:*>
Would be the internal. But I also have other daemons listening on other ports, like "kodi", would that interfere? [...] No, kodi is working.
Current configuration:
/etc/apache2/vhosts.d/dyn.dns.conf:
<VirtualHost 192.168.1.1:50000>
    ServerAdmin webmaster@localhost
    ServerName dyn.dns
    DocumentRoot /data/waterhoard/vhosts/dyn.dns/htdocs
    ErrorLog /var/log/apache2/dyn.dns-error_log
    CustomLog /var/log/apache2/dyn.dns-access_log combined
    HostnameLookups Off
    UseCanonicalName Off
    ServerSignature On
    ScriptAlias /cgi-bin/ "/data/waterhoard/vhosts/dyn.dns/cgi-bin"
    <Directory "/data/waterhoard/vhosts/dyn.dns/cgi-bin">
        AllowOverride None
        Options +ExecCGI -Includes
        <IfModule !mod_access_compat.c>
            Require all granted
        </IfModule>
        <IfModule mod_access_compat.c>
            Order allow,deny
            Allow from all
        </IfModule>
    </Directory>
    <Directory "/data/waterhoard/vhosts/dyn.dns/htdocs">
        Options Indexes FollowSymLinks
        AllowOverride None
        #
        # Controls who can get stuff from this server.
        #
        <IfModule !mod_access_compat.c>
            Require all granted
        </IfModule>
        <IfModule mod_access_compat.c>
            Order allow,deny
            Allow from all
        </IfModule>
    </Directory>
</VirtualHost>

Carlos, all the (sub)domains from my config run on 80/443. Their webroot is different though. Do you already have 80/443 forwarded to some host in your local network? They don't have to use their own ports. Why follow a *buntu instruction where it has a different apache setup?

--
Gertjan Lettink a.k.a. Knurpht
openSUSE Board Member
openSUSE Forums Team

On 28/12/2019 21.03, Knurpht-openSUSE wrote:
On Saturday 28 December 2019 20:54:09 CET, Carlos E. R. wrote:
Current configuration:
/etc/apache2/vhosts.d/dyn.dns.conf:
<VirtualHost 192.168.1.1:50000>
    ServerAdmin webmaster@localhost
    ServerName dyn.dns
    DocumentRoot /data/waterhoard/vhosts/dyn.dns/htdocs
    ErrorLog /var/log/apache2/dyn.dns-error_log
    CustomLog /var/log/apache2/dyn.dns-access_log combined
    HostnameLookups Off
    UseCanonicalName Off
    ServerSignature On
    ScriptAlias /cgi-bin/ "/data/waterhoard/vhosts/dyn.dns/cgi-bin"
    <Directory "/data/waterhoard/vhosts/dyn.dns/cgi-bin">
        AllowOverride None
        Options +ExecCGI -Includes
        <IfModule !mod_access_compat.c>
            Require all granted
        </IfModule>
        <IfModule mod_access_compat.c>
            Order allow,deny
            Allow from all
        </IfModule>
    </Directory>
    <Directory "/data/waterhoard/vhosts/dyn.dns/htdocs">
        Options Indexes FollowSymLinks
        AllowOverride None
        #
        # Controls who can get stuff from this server.
        #
        <IfModule !mod_access_compat.c>
            Require all granted
        </IfModule>
        <IfModule mod_access_compat.c>
            Order allow,deny
            Allow from all
        </IfModule>
    </Directory>
</VirtualHost>
Carlos, all the (sub)domains from my config run on 80/443. Their webroot is different though. Do you already have 80/443 forwarded to some host in your local network? They don't have to use their own ports. Why follow a *buntu instruction where it has a different apache setup?
I'm not following the Ubuntu instructions, I just read it for ideas :-)

Rather, I followed the openSUSE wiki and the example config files in openSUSE apache install.

<https://en.opensuse.org/SDB:Apache_installation#Virtual_Hosts>

Also, notice that there is a router doing NAT. I can not configure it to handle port 80, apparently forbidden. So:

http:dyn.dns:50000 --> router --> 192.168.16:50000

I can tell it to forward instead to port 80 inside, of course.

What I have tried is the port based system. What is the difference in the apache configuration of port based or name based is not clear in the openSUSE wiki.

Port based allows me to block/open the firewall easily to external traffic. If name based breaks, outside may get access to the default internal "view".

When I browse to this server using my android phone inside the house, I can not use the server name, as the phone does not use the LAN DNS, but the outside DNS server via the router. So the apache will not see the name in the http request and will fail.

As you can see, AppArmor is blocking the attempt. Even if I stop it, I still get an AppArmor error:

[Sat Dec 28 21:34:12.215330 2019] [apparmor:warn] [pid 28047] (1)Operation not permitted: [client 192.168.1.1:43442] aa_change_hatv call failed
[Sat Dec 28 21:34:12.216066 2019] [apparmor:error] [pid 28047] (1)Operation not permitted: [client 192.168.1.1:43442] Failed to change_hat to 'HANDLING_UNTRUSTED_INPUT'
[Sat Dec 28 21:34:12.222859 2019] [apparmor:warn] [pid 28045] (1)Operation not permitted: [client 192.168.1.1:43444] aa_change_hatv call failed
[Sat Dec 28 21:34:12.223417 2019] [apparmor:error] [pid 28045] (1)Operation not permitted: [client 192.168.1.1:43444] Failed to change_hat to 'HANDLING_UNTRUSTED_INPUT'
[Sat Dec 28 21:34:12.225441 2019] [apparmor:warn] [pid 28043] (1)Operation not permitted: [client 192.168.1.1:43446] aa_change_hatv call failed
[Sat Dec 28 21:34:12.225792 2019] [apparmor:error] [pid 28043] (1)Operation not permitted: [client 192.168.1.1:43446] Failed to change_hat to 'HANDLING_UNTRUSTED_INPUT'

Now, what does that mean, what is wrong?

I can possibly redo as name based instead of port based, but will that not hit the same problem? And it will break the phone and tablets access - they access <http:192.168.1.16/directory>

--
Cheers / Saludos,

Carlos E. R.
(from 15.1 x86_64 at Telcontar)
On 28/12/2019 21.55, Carlos E. R. wrote:
On 28/12/2019 21.03, Knurpht-openSUSE wrote:
On Saturday 28 December 2019 20:54:09 CET, Carlos E. R. wrote:
Current configuration:
/etc/apache2/vhosts.d/dyn.dns.conf:
<VirtualHost 192.168.1.1:50000>
    ServerAdmin webmaster@localhost
    ServerName dyn.dns
That was the error. It has to be:

<VirtualHost 192.168.1.16:50000>

The IP and port Apache is listening on, not where the connection comes from.

Now I have the external view working.

Next is to restore the internal view. Can I tell it that if it comes to :80 just use the default preexisting config? I guess not.

<http://httpd.apache.org/docs/2.2/vhosts/ip-based.html>

“IP-based virtual hosting is a method to apply different directives based on the IP address and port a request is received on. Most commonly, this is used to serve different websites on different ports or interfaces.”

...

“In the terminology of Apache HTTP Server, using a single IP address but multiple TCP ports, is also IP-based virtual hosting.”

Related problem: on Firefox, if I enter "http://isengard.valinor" it rewrites "http://isengard.valinor:4080/". Can I stop that? Each time it happens, I have to close the tab and try on a new tab.

Then I see the entry in the /var/log/apache2/access_log:

192.168.1.14 - - [28/Dec/2019:22:05:59 +0100] "GET / HTTP/1.1" 200 710 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"

but it is not served.

/var/log/apache2/error_log:

[Sat Dec 28 22:05:59.404883 2019] [apparmor:warn] [pid 29295] (1)Operation not permitted: [client 192.168.1.14:36078] aa_change_hatv call failed
[Sat Dec 28 22:05:59.405662 2019] [apparmor:error] [pid 29295] (1)Operation not permitted: [client 192.168.1.14:36078] Failed to change_hat to 'HANDLING_UNTRUSTED_INPUT'

That's the failure now to obtain the original, LAN view of the webpage on the server. I guess I now have to create another virtual server for it.

--
Cheers / Saludos,

Carlos E. R.
(from 15.1 x86_64 at Telcontar)
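
The fix in the message above (bind the virtual host to the address and port Apache listens on) carried through to both views, as an added example that is not configuration posted by anyone in the thread. It assumes Apache 2.4 with mod_ssl and mod_authn_file loaded; the LAN document root, the password file and the certificate paths are placeholders.

```apache
# Added example, not configuration from the thread.
# Assumed: Apache 2.4, mod_ssl and mod_authn_file loaded.
# Placeholders: /srv/www/htdocs as the LAN document root, the
# photos.htpasswd file (create it with Apache's htpasswd utility)
# and both certificate paths.

# /etc/apache2/listen.conf
# One socket per view, both on the server's own LAN address.
Listen 192.168.1.16:80
Listen 192.168.1.16:50000 https

# LAN view. Selected by address and port, so it also answers requests
# made by IP (http://192.168.1.16/...) from phones that do not use the
# LAN DNS. The router does not forward anything to port 80; forwarded
# connections arrive with the router's address (192.168.1.1) as client,
# so that address is refused here in case a forward to :80 is ever
# added by mistake.
<VirtualHost 192.168.1.16:80>
    ServerName isengard.valinor
    DocumentRoot /srv/www/htdocs

    <Directory "/srv/www/htdocs">
        AllowOverride None
        <RequireAll>
            Require ip 192.168.1.0/24
            Require not ip 192.168.1.1
        </RequireAll>
    </Directory>
</VirtualHost>

# Internet view. The only port the router forwards:
# external :50000 -> 192.168.1.16:50000
<VirtualHost 192.168.1.16:50000>
    ServerName dyn.dns
    DocumentRoot /data/waterhoard/vhosts/dyn.dns/htdocs

    ErrorLog  /var/log/apache2/dyn.dns-error_log
    CustomLog /var/log/apache2/dyn.dns-access_log combined
    ServerSignature Off

    # Basic authentication sends the password with every request,
    # so this port is served over TLS only.
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl.crt/PLACEHOLDER.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/PLACEHOLDER.key

    <Directory "/data/waterhoard/vhosts/dyn.dns/htdocs">
        # The file listing is only visible after login; no CGI,
        # no includes, no symlinks leading out of the tree.
        Options Indexes
        AllowOverride None

        # Source addresses cannot be used for access control here:
        # every outside client appears as 192.168.1.1. Access is by
        # named account instead, one per invited person.
        AuthType Basic
        AuthName "Shared photos"
        AuthBasicProvider file
        AuthUserFile /etc/apache2/photos.htpasswd
        Require valid-user
    </Directory>
</VirtualHost>
```

With this split the firewall and the router forward decide which view is reachable from outside, and the per-vhost access log for port 50000 records the authenticated user name even though the client address is always the router's.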
On Saturday 28 December 2019 22:09:46 CET, Carlos E. R. wrote:
On 28/12/2019 21.55, Carlos E. R. wrote:
On 28/12/2019 21.03, Knurpht-openSUSE wrote:
On Saturday 28 December 2019 20:54:09 CET, Carlos E. R. wrote:
Current configuration:
/etc/apache2/vhosts.d/dyn.dns.conf:
<VirtualHost 192.168.1.1:50000>
    ServerAdmin webmaster@localhost
    ServerName dyn.dns
That was the error. It has to be:
<VirtualHost 192.168.1.16:50000>
The IP and port Apache is listening on, not where the connection comes from.
Now I have the external view working.
Next is to restore the internal view. Can I tell it that if it comes to :80 just use the default preexisting config? I guess not.
<http://httpd.apache.org/docs/2.2/vhosts/ip-based.html>
“IP-based virtual hosting is a method to apply different directives based on the IP address and port a request is received on. Most commonly, this is used to serve different websites on different ports or interfaces.”
...
“In the terminology of Apache HTTP Server, using a single IP address but multiple TCP ports, is also IP-based virtual hosting.”
Related problem: on Firefox, if I enter "http://isengard.valinor" it rewrites "http://isengard.valinor:4080/". Can I stop that? Each time it happens, I have to close the tab and try on a new tab.
Then I see the entry in the /var/log/apache2/access_log:
192.168.1.14 - - [28/Dec/2019:22:05:59 +0100] "GET / HTTP/1.1" 200 710 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
but it is not served.
/var/log/apache2/error_log:
[Sat Dec 28 22:05:59.404883 2019] [apparmor:warn] [pid 29295] (1)Operation not permitted: [client 192.168.1.14:36078] aa_change_hatv call failed
[Sat Dec 28 22:05:59.405662 2019] [apparmor:error] [pid 29295] (1)Operation not permitted: [client 192.168.1.14:36078] Failed to change_hat to 'HANDLING_UNTRUSTED_INPUT'
That's the failure now to obtain the original, LAN view of the webpage on the server. I guess I now have to create another virtual server for it.
Do you have a FQDN ?
-- Gertjan Lettink a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team
On 28/12/2019 22.13, Knurpht-openSUSE wrote:
On Saturday 28 December 2019 22:09:46 CET, Carlos E. R. wrote:
On 28/12/2019 21.55, Carlos E. R. wrote:
On 28/12/2019 21.03, Knurpht-openSUSE wrote:
On Saturday 28 December 2019 20:54:09 CET, Carlos E. R. wrote:
Current configuration:
/etc/apache2/vhosts.d/dyn.dns.conf:
<VirtualHost 192.168.1.1:50000>
    ServerAdmin webmaster@localhost
    ServerName dyn.dns
That was the error. It has to be:
<VirtualHost 192.168.1.16:50000>
The IP and port Apache is listening on, not where the connection comes from.
Now I have the external view working.
Next is to restore the internal view. Can I tell it that if it comes to :80 just use the default preexisting config? I guess not.
<http://httpd.apache.org/docs/2.2/vhosts/ip-based.html>
“IP-based virtual hosting is a method to apply different directives based on the IP address and port a request is received on. Most commonly, this is used to serve different websites on different ports or interfaces.”
...
“In the terminology of Apache HTTP Server, using a single IP address but multiple TCP ports, is also IP-based virtual hosting.”
Related problem: on Firefox, if I enter "http://isengard.valinor" it rewrites "http://isengard.valinor:4080/". Can I stop that? Each time it happens, I have to close the tab and try on a new tab.
Then I see the entry in the /var/log/apache2/access_log:
192.168.1.14 - - [28/Dec/2019:22:05:59 +0100] "GET / HTTP/1.1" 200 710 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
but it is not served.
/var/log/apache2/error_log:
[Sat Dec 28 22:05:59.404883 2019] [apparmor:warn] [pid 29295] (1)Operation not permitted: [client 192.168.1.14:36078] aa_change_hatv call failed
[Sat Dec 28 22:05:59.405662 2019] [apparmor:error] [pid 29295] (1)Operation not permitted: [client 192.168.1.14:36078] Failed to change_hat to 'HANDLING_UNTRUSTED_INPUT'
That's the failure now to obtain the original, LAN view of the webpage on the server. I guess I now have to create another virtual server for it.
Do you have a FQDN ?
External? Yes, a dynamic one (replaced in my post with dyn.dns string)
The external view is working, now it is the internal view that I have to restore. Internally, there is local DNS server, and a different FQDN.
I have created:
/etc/apache2/vhosts.d/isengard.valinor.conf
and I'm working on it. I may have to create also "isengard.conf", "localhost", "192.168.1.16"...
There must be an easier way. It seems that when a virtual host is created, the default config is disabled and all must be virtual hosts.
-- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
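An added example (not part of any post in this thread and not the poster's actual configuration): a port-separated layout of the kind discussed above, with one catch-all virtual host for the LAN on port 80 and a separate, password-protected virtual host on the router-forwarded port 50000. The address 192.168.1.16, port 50000 and the name dyn.dns come from the thread; the file name, the document roots, the password file path and the /24 LAN range are assumptions.

```apache
# /etc/apache2/vhosts.d/split-view.conf   (hypothetical file name)
# Added example, Apache 2.4 syntax. Assumptions: the LAN is 192.168.1.0/24,
# the router forwards only TCP 50000 to 192.168.1.16, and the two
# DocumentRoot directories below exist.

# Apache must listen on both ports. "Listen 80" is normally already present
# in the distribution's listen.conf; declare each port exactly once.
Listen 50000

# --- Internal view (LAN) ---------------------------------------------------
# Wildcard address and, assuming no other vhost is defined for port 80, the
# only vhost on that port. It is therefore the default for port 80 and
# answers whatever Host header arrives: isengard.valinor, localhost, or the
# bare IP that phones and tablets use. No per-name vhost files are needed.
<VirtualHost *:80>
    ServerName isengard.valinor
    DocumentRoot /srv/www/vhosts/lan

    <Directory /srv/www/vhosts/lan>
        AllowOverride None
        # Forwarded Internet traffic also arrives with the router's address
        # (192.168.1.1), so this rule does NOT tell inside from outside.
        # The separation comes from port 80 never being forwarded.
        Require local
        Require ip 192.168.1.0/24
    </Directory>
</VirtualHost>

# --- External view (reached through the router's port forward) -------------
# The address:port is the one Apache listens on, not the client's.
<VirtualHost 192.168.1.16:50000>
    ServerAdmin webmaster@localhost
    ServerName dyn.dns
    DocumentRoot /srv/www/vhosts/share

    # Separate logs make it easy to review what arrives from outside.
    ErrorLog /var/log/apache2/share-error_log
    CustomLog /var/log/apache2/share-access_log combined

    <Directory /srv/www/vhosts/share>
        Options -Indexes
        AllowOverride None
        # The source IP is useless here (always the router), so authorise
        # by user instead of by address. The password file is created with
        # the htpasswd tool and kept outside every DocumentRoot.
        # Basic auth is only encoded, not encrypted: serve this vhost over
        # TLS (mod_ssl) before handing the URL to anyone.
        AuthType Basic
        AuthName "Shared photos"
        AuthUserFile /etc/apache2/share.htpasswd
        Require valid-user
    </Directory>
</VirtualHost>
```

Running `apache2ctl -S` after a reload lists each address:port with the virtual host Apache treats as its default, which confirms that port 80 and port 50000 map to different document roots.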
On 28/12/2019 at 21:55, Carlos E. R. wrote:
I can tell it to forward instead to port 80 inside, of course.
inside listened port can be changed for apache, not a problem
If name based breaks, outside may get access to the default internal "view".
usually the default view is blocked to prevent this
When I browse to this server using my android phone inside the house, I can not use the server name,
it's a common problem, a locally hosted web site is difficult to see from inside the network, but you don't need a web site, only a shared system
if all what you use is a phone, a (free) hosted nextcloud account is the best solution
jdd -- http://dodin.org
On 29/12/2019 08.03, jdd@dodin.org wrote:
On 28/12/2019 at 21:55, Carlos E. R. wrote:
I can tell it to forward instead to port 80 inside, of course.
inside listened port can be changed for apache, not a problem
If name based breaks, outside may get access to the default internal "view".
usually the default view is blocked to prevent this
Apparently there is no default view. At least, I get nothing on port 80, but a socket read error. As soon as I created a virtual host, the "default" (which was defined in httpd.conf.local) disappeared.
When I browse to this server using my android phone inside the house, I can not use the server name,
it's a common problem, a locally hosted web site is difficult to see from inside the network, but you don't need a web site, only a shared system
if all what you use is a phone, a (free) hosted nextcloud account is the best solution
Inside the house, I use anything: tablet, computer, laptop... And now it is broken. I'm working on creating another virtual host for the home.
Outside the house, now works, I get a sample "hello world" page.
-- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 29/12/2019 at 12:47, Carlos E. R. wrote:
Apparently there is no default view. At least, I get nothing on port
there is one, may be you removed it at install time (you should get "it works")
jdd -- http://dodin.org
On 29/12/2019 14.24, jdd@dodin.org wrote:
On 29/12/2019 at 12:47, Carlos E. R. wrote:
Apparently there is no default view. At least, I get nothing on port
there is one, may be you removed it at install time (you should get "it works")
Misunderstanding. The configuration exists and was working. It stopped working when I added the first vhost.
-- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
* Carlos E. R. <robin.listas@telefonica.net> [12-29-19 06:49]:
On 29/12/2019 08.03, jdd@dodin.org wrote:
On 28/12/2019 at 21:55, Carlos E. R. wrote:
I can tell it to forward instead to port 80 inside, of course.
inside listened port can be changed for apache, not a problem
If name based breaks, outside may get access to the default internal "view".
usually the default view is blocked to prevent this
Apparently there is no default view. At least, I get nothing on port 80, but a socket read error. As soon as I created a virtual host, the "default" (which was defined in httpd.conf.local) disappeared.
When I browse to this server using my android phone inside the house, I can not use the server name,
it's a common problem, a locally hosted web site is difficult to see from inside the network, but you don't need a web site, only a shared system
if all what you use is a phone, a (free) hosted nextcloud account is the best solution
Inside the house, I use anything: tablet, computer, laptop... And now it is broken. I'm working on creating another virtual host for the home.
Outside the house, now works, I get a sample "hello world" page.
have you tried to browse locally (house side of router) using ip addresses rather than names? Mine will work both ways but is much quicker if I address as http://192.168.1.3/<site> rather than http://wahoo.no-ip.org/<site>
also be sure that your FQDN is NOT in /etc/hosts
-- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode
On 29/12/2019 14.46, Patrick Shanahan wrote:
* Carlos E. R. <> [12-29-19 06:49]:
have you tried to browse locally (house side of router) using ip addresses rather than names? Mine will work both ways but is much quicker if I address as http://192.168.1.3/<site> rather than http://wahoo.no-ip.org/<site>
The internal view fails on port 80, but works on port 81. See recent separate thread for the details.
also be sure that your FQDN is NOT in /etc/hosts
No, it is on the DNS. That does not seem to be the problem.
-- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 28/12/2019 15:55, Carlos E. R. wrote:
What I have tried is the port based system. What is the difference in the apache configuration of port based or name based is not clear in the openSUSE wiki.
very simply...
name based allows the incoming to all come to the same port and switch on the name.
So you can have external names
name1.domain1.com
name2.domain1.com
name3.domain1.com
name4.domain2.com
name5.domain3.com
...
All mapping to the same address. And of course the http/https mapping to the 80/433
That address is the external address of your NAT router. Its packets get routed to your host running Apache. The Apache server switches virtual NAME-DOMAINS to the various document root definitions as per your configuration.
One IP address. For all those sites.
But you have to have the external sites resolved by external DNS. That way, Anton here in Toronto can open a browser to that address as 'name4.domain2.com' and it ends up at your IP address, goes through your NAT, hits your server at port whatever and your server's Apache does the NAME BASED switch and serves up the details.
This is how, even back in 1996, glorious DotComBoom days, I got the Guys at NetSteps.com to stop itching for more Class C domains. They had this crazy obsession of "one web site, one IP address", and were even hassling to buy out another (older larger) ISP that had a Class B. All this on a SGI machine that was more geared for graphics than what we think of as 'computation'. Very pretty, well engineered machine. Easily outclassed as far as networking went by a couple of OTS Intel 'white boxes' from Taiwan that ran SCO, spewed RF and had a much shorter lifetime, but also at a fraction of the cost. There were some good networking cards around and SGI was not about networking.
That was then: SGI is long gone, SCO is long gone; this is now, but the principle still works.
Now depending on your NAT router you MIGHT be able to just designate a host as the server for all incoming rather than doing port-by-port mapping. My router calls that a "DMZ Host". That leaves it up to the host level firewall for security.
-- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 29/12/2019 13.54, Anton Aylward wrote:
On 28/12/2019 15:55, Carlos E. R. wrote:
What I have tried is the port based system. What is the difference in the apache configuration of port based or name based is not clear in the openSUSE wiki.
very simply...
name based allows the incoming to all come to the same port and switch on the name.
So you can have external names
name1.domain1.com
name2.domain1.com
name3.domain1.com
name4.domain2.com
name5.domain3.com
...
All mapping to the same address And of course the http/https mapping to the 80/433
Misunderstanding. I understand that, the idea of what it achieves. What the wiki does not say is how to achieve it, how you achieve one or the other. What is the configuration difference. You have to read the Apache site docs for that. I have, and still I do not have it clear, except that I need port based configuration and that is what I have done. The external view works (port 50000), but not the internal on port 80 (it does on 81). ...
Now depending on your NAT router you MIGHT be able to just designate a host as the server for all incoming rather than doing port-by-port mapping. My router calls that a "DMZ Host". That leaves it up to the host level firewall for security.
In this case, the router responds to a single name, via dynamic DNS. The other name is only recognized internally, in the LAN. Say:
anton.dyn.dns.com
anton.localnet
-- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
Carlos, et al --
...and then Carlos E. R. said...
%
% On 28/12/2019 21.03, Knurpht-openSUSE wrote:
% ...
% > Carlos, all the (sub)domains from my config run on 80/443. Their
% > webroot is different though. Do you already have 80/443 forwarded
...
%
% What I have tried is the port based system. What is the difference in
...
%
% When I browse to this server using my android phone inside the house,
% I can not use the server name, as the phone does not use the LAN DNS,
% but the outside DNS server via the router. So the apache will not see
% the name in the http request and will fail.
[snip]
I thought that you were having name challenges, but now it sounds like you're having port challenges. I'm a big fan of names, personally. I was going to suggest that you have
carlos.dyn.dns # existing public name
carlos.no-ip.com # new name for friends
and use name-based vhost config to separate your content. That should work whether you're at home or away since it's a real name.
Keep us posted :-)
Happy New Year
:-D
-- David T-G See http://justpickone.org/davidtg/email/ See http://justpickone.org/davidtg/tofu.txt
On Sunday, 2019-12-29 at 14:50 -0500, David T-G wrote:
Carlos, et al --
...and then Carlos E. R. said...
%
% On 28/12/2019 21.03, Knurpht-openSUSE wrote:
% ...
% > Carlos, all the (sub)domains from my config run on 80/443. Their
% > webroot is different though. Do you already have 80/443 forwarded
...
%
% What I have tried is the port based system. What is the difference in
...
%
% When I browse to this server using my android phone inside the house,
% I can not use the server name, as the phone does not use the LAN DNS,
% but the outside DNS server via the router. So the apache will not see
% the name in the http request and will fail.
[snip]
I thought that you were having name challenges, but now it sounds like you're having port challenges. I'm a big fan of names, personally. I was going to suggest that you have
carlos.dyn.dns # existing public name
carlos.no-ip.com # new name for friends
No way. I repeat: I already have "carlos.dyn.dns". The other name is "carlos.valinor", which is a fake domain only known inside my LAN. Problem is, my phones and tablets do not know that name, only the computers: they connect by IP number. Thus, it can not work "by names", they don't know the LAN name. They don't connect to the DNS that knows the LAN names.
and use name-based vhost config to separate your content. That should work whether you're at home or away since it's a real name.
I do not want a real name inside my LAN.
Keep us posted :-)
Happy New Year
:-D
-- Cheers, Carlos E. R. (from openSUSE 15.1 x86_64 at Telcontar)
On Sunday 29 December 2019 20:56:29 CET, Carlos E. R. wrote:
On Sunday, 2019-12-29 at 14:50 -0500, David T-G wrote:
Carlos, et al --
...and then Carlos E. R. said...
%
% On 28/12/2019 21.03, Knurpht-openSUSE wrote:
% ...
% > Carlos, all the (sub)domains from my config run on 80/443. Their
% > webroot is different though. Do you already have 80/443 forwarded
...
%
% What I have tried is the port based system. What is the difference in
...
%
% When I browse to this server using my android phone inside the house,
% I can not use the server name, as the phone does not use the LAN DNS,
% but the outside DNS server via the router. So the apache will not see
% the name in the http request and will fail.
[snip]
I thought that you were having name challenges, but now it sounds like you're having port challenges. I'm a big fan of names, personally. I was going to suggest that you have
carlos.dyn.dns # existing public name
carlos.no-ip.com # new name for friends
No way.
I repeat:
I already have "carlos.dyn.dns".
The other name is "carlos.valinor", which is a fake domain only known inside my LAN. Problem is, my phones and tablets do not know that name, only the computers: they connect by IP number. Thus, it can not work "by names", they don't know the LAN name. They don't connect to the DNS that knows the LAN names.
and use name-based vhost config to separate your content. That should work whether you're at home or away since it's a real name.
I do not want a real name inside my LAN.
Why not? Look at this:
knurpht@Knurpht-HP:~> ping pihole.knurpht.nl -c1 #from my laptop inside LAN
PING pihole.knurpht.nl (192.168.2.7) 56(84) bytes of data.
64 bytes from pihole (192.168.2.7): icmp_seq=1 ttl=64 time=1.31 ms
--- pihole.knurpht.nl ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.309/1.309/1.309/0.000 ms
knurpht@Knurpht-HP:~> knurpht.nl.ssh
Last login: Sat Dec 28 22:03:51 2019 from 82.73.235.190
Have a lot of fun...
knurpht@salt:~> ping pihole.knurpht.nl -c1 #from my VPS in the cloud
PING pihole.knurpht.nl (149.210.217.201) 56(84) bytes of data.
64 bytes from salt.knurpht.nl (149.210.217.201): icmp_seq=1 ttl=64 time=0.064 ms
--- pihole.knurpht.nl ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.064/0.064/0.064/0.000 ms
The apache server on my cloud proxies the vhost to my home ip:port, where on my router the port is forwarded to the RPi's IP. Adding 192.168.2.7 to the /etc/hosts on the RPi is enough to make this work on the LAN.
-- Gertjan Lettink a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team
On Sunday, 2019-12-29 at 21:05 +0100, Knurpht-openSUSE wrote:
On Sunday 29 December 2019 20:56:29 CET, Carlos E. R. wrote:
On Sunday, 2019-12-29 at 14:50 -0500, David T-G wrote:
Carlos, et al --
...
I do not want a real name inside my LAN.
Why not? Look at this:
I repeat: http://isengard.valinor does not work in my phones or tablets, because they do not have access to the computer DNS server. The phones can not resolve that address.
-- Cheers, Carlos E. R. (from openSUSE 15.1 x86_64 at Telcontar)
Carlos, et al --
...and then Carlos E. R. said...
%
% On Sunday, 2019-12-29 at 14:50 -0500, David T-G wrote:
%
% >
% > carlos.dyn.dns # existing public name
% > carlos.no-ip.com # new name for friends
%
% No way.
%
% I repeat:
%
% I already have "carlos.dyn.dns".
Yep.
%
% The other name is "carlos.valinor", which is a fake domain only
Right. But ...
...
% >and use name-based vhost config to separate your content. That should
% >work whether you're at home or away since it's a real name.
%
% I do not want a real name inside my LAN.
... that is one part that I missed :-) I think I read that as "I do not want real-world DNS resolution within my LAN" and so carlos.no-ip.com isn't useful; I don't necessarily understand that, but to each his own.
I'm actually getting ready to retire my hosted VPS and move home, so I'll be setting up a dyn DNS of some sort so that I can find myself :-)
HNY
:-D
-- David T-G See http://justpickone.org/davidtg/email/ See http://justpickone.org/davidtg/tofu.txt
On Sunday, 2019-12-29 at 15:07 -0500, David T-G wrote:
%
% The other name is "carlos.valinor", which is a fake domain only
Right. But ...
...
% >and use name-based vhost config to separate your content. That should
% >work whether you're at home or away since it's a real name.
%
% I do not want a real name inside my LAN.
... that is one part that I missed :-) I think I read that as "I do not want real-world DNS resolution within my LAN" and so carlos.no-ip.com isn't useful; I don't necessarily understand that, but to each his own. I'm actually getting ready to retire my hosted VPS and move home, so I'll be setting up a dyn DNS of some sort so that I can find myself :-)
"carlos.dyn.dns", the outside address (faked in this email, but assume it is real) does of course resolve inside my LAN. But I do not use it because it loads my router.
Inside, I use "carlos.valinor", which goes directly from computer to phone, using the switch and the wifi AP, bypassing the router external interface. ping time is noticeably faster: 0.333 vs 0.566 ms
One of the uses of my internal web server is movies, thus relatively high traffic when it is in use. I do not want to add that 0.200 ms overhead.
-- Cheers, Carlos E. R. (from openSUSE 15.1 x86_64 at Telcontar)
On 28/12/2019 15:03, Knurpht-openSUSE wrote:
Why follow a *buntu instruction where it has a different apache setup?
pardon me. I'm so used to having google give me a set of Ubuntu instructions and translating them as I go into Suse format that I forget other people might take the ubuntu stuff literally.
I get the 'conceptual model' from reading the Ubuntu and make the actuality with the Suse machine in front of me. My greatest impediment has been all this systemd and NetworkManager revisionism.
Some of you are bilingual when it comes to spoken languages. You hear English or German or French or Danish and it just is. I've been dealing with UNIX variants for over 40 years and forget that not everyone is OS-bilingual.
-- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On Saturday 28 December 2019 15:12:52 CET, Anton Aylward wrote:
On 28/12/2019 07:57, Knurpht-openSUSE wrote:
Do you know of a howto for dummies? :-D
If you want I can share the apache setup ( multi domain ) from my VPS. The nextcloud docs are straight forward too.
Sounds complicated.
My O'Reilly books from long before ISPs were doing VPS tells how, and I was doing this back in the last century anyway.
> Q: Are you sure? > >> A: Because it reverses the logical flow of conversation. >> >>> Q: Why is top posting frowned upon?
Not complicated at all...... Had a friend's Rpi3 setup in < 1 hour, incl. https.
-- Gertjan Lettink a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team
On 28/12/2019 07:29, jdd@dodin.org wrote:
On 28/12/2019 at 13:24, Carlos E.R. wrote:
Once I open the access to it in the router, yes. At this moment, no.
I do not want people to have access to what Apache is currently serving to my LAN. I want people coming from Internet to see a different web page and not have access to the internal page, and perhaps using different settings, more secure.
should not be that difficult, with apache virtual server, one server several web sites
don't you have some web space with your net provider??
Well if you don't ...
Most routers, even NAT ones, still let you do redirection tricks.
I can set mine up to incoming on port 8088 to redirect to a 'new' LAN IP address.
I then set up a virtual address along side my regular address on the main machine that corresponds to this 'new' address.
Well, DUH!, I knew how to do this with ipconfig but the new NetworkManager has me mentally blocked out https://devconnected.com/network-manager-on-linux-with-examples/
OR perhaps you are using systemd-networkd -- RTFM
# ps -ef | grep -i network
root 1258 1 0 06:30 ? 00:00:00 /usr/sbin/NetworkManager --no-daemon
Well that settles that issue as far as I'm concerned.
I then set up an Apache virtual host that listens on that address
Go google for setting up Apache virtual hosts on virtual IP addresses ...
-- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 28/12/2019 15.10, Anton Aylward wrote:
On 28/12/2019 07:29, jdd@dodin.org wrote:
On 28/12/2019 at 13:24, Carlos E.R. wrote:
...
don't you have some web space with your net provider??
Well if you don't ...
Most routers, even NAT ones, still let you do redirection tricks.
Yes, mine does.
I can set mine up to incoming on port 8088 to redirect to a 'new' LAN IP address.
Ah! Yes, I see. Have a secondary IP address on my server.
I then set up a virtual address along side my regular address on the main machine that corresponds to this 'new' address.
Right, I like that trick. That can do.
Well, DUH!, I knew how to do this with ipconfig but the new NetworkManager has me mentally blocked out https://devconnected.com/network-manager-on-linux-with-examples/
OR perhaps you are using systemd-networkd -- RTFM
No, wicked.
# ps -ef | grep -i network
root 1258 1 0 06:30 ? 00:00:00 /usr/sbin/NetworkManager --no-daemon
Well that settles that issue as far as I'm concerned.
I then set up an Apache virtual host that listens on that address
Go google for setting up Apache virtual hosts on virtual IP addresses ...
I prefer a known howto for dummies ;-)
-- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 28/12/2019 09:35, Carlos E. R. wrote:
On 28/12/2019 15.10, Anton Aylward wrote:
Go google for setting up Apache virtual hosts on virtual IP addresses ...
I prefer a known howto for dummies ;-)
http://www.linuxandubuntu.com/home/how-to-create-virtual-hosts-on-apache-ser...
-- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 28/12/2019 13.24, Carlos E.R. wrote:
On 28/12/2019 13.05, jdd@dodin.org wrote:
On 28/12/2019 at 12:56, Carlos E. R. wrote:
Maybe Google drive, perhaps?
same thing
I have not tried, but I thought the receiver has to be logged in.
I just verified on Google drive: the recipient is asked to login. I sent to myself on gmail. So this might do, this time.
-- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 28/12/2019 13.05, jdd@dodin.org wrote:
On 28/12/2019 at 12:56, Carlos E. R. wrote:
I'd like to share some photos and videos with few persons, but only with those persons.
:-) :
I'm using Google Photos. With that, I can share with a person; but what google does is send him the link,
yes
but once the link is known everybody in
Internet can see the photos. Yes, it is a long and obscure link, but still... I do not feel "safe". A spider might find it, right?
no. It can only be found if the receiver also sends the link to other people. I guess you can also set a passwd and a time limit (nextcloud does, I dunno for google)
No, no password setup in Google Photos.
So looking at alternatives. Some other service out there? (gratis preferably)
Maybe Google drive, perhaps?
same thing
I have not tried, but I thought the receiver has to be logged in.
I might host them myself. I have a minimal Linux server accessible from Internet. Now, what software, just Apache? Maybe too much work, maybe there is already something out there for the job.
a gallery? Piwigo?
http://dodin.org/piwigo/index.php
you have a full passwd setup, but may be overkill for only small use,
Overkill it seems, yes...
<https://en.wikipedia.org/wiki/Piwigo>
But there are no alternatives:
<https://en.wikipedia.org/wiki/Comparison_of_photo_gallery_software>
jAlbum -> Proprietary
Gallery Project -> discontinued
MediaGoblin AGPLv3
Piwigo GPL
<https://en.wikipedia.org/wiki/MediaGoblin> Last release was made on 2016. May be overkill as well.
else apache and .htaccess...
.htaccess will not work, I don't get to know the IP of the incoming connection. All report MY router address.
Apache has a complication: I have to differentiate the internal LAN web
I don't understand. Is your server accessible from the net?
Once I open the access to it in the router, yes. At this moment, no.
Op zaterdag 28 december 2019 13:24:24 CET schreef Carlos E.R.:
I do not want people to have access to what Apache is currently serving to my LAN. I want people coming from Internet to see a different web page and not have access to the internal page, and perhaps using different settings, more secure.
The google services aren't the safest here. Even though Nextcloud may seem overkill, it does offer you what you're looking for. And, self hosting it on some simple Leap15.1 box is easy peasy. An Rpi3 and an external disk can be enough, or an existing server ( the load of NC is pretty low ). With Drive it's the same mess as with Photos. Anyone with the link can access the file(s) from the link.
-- Gertjan Lettink a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team
Le 28/12/2019 à 13:48, Knurpht-openSUSE a écrit :
With Drive it's the same mess as with Photos. Anyone with the link can access the file(s) from the link.
google drive service is really ugly. I can't understand they don't even allow a passwd. It's a sort of malevolence from a so technical company jdd -- http://dodin.org
On 28/12/2019 13.55, jdd@dodin.org wrote:
Le 28/12/2019 à 13:48, Knurpht-openSUSE a écrit :
With Drive it's the same mess as with Photos. Anyone with the link can access the file(s) from the link.
google drive service is really ugly. I can't understand they don't even allow a passwd. It's a sort of malevolence from a so technical company
They do. I just tried. I shared with another gmail identity, and "he" is required to login to have access. You just have to use advanced options. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
Le 28/12/2019 à 14:11, Carlos E. R. a écrit :
I shared with another gmail identity, and "he" is required to login to have access.
but he needs a google account, nextcloud use simply a local passwd (local to the shared file) jdd -- http://dodin.org
On Sat, 28 Dec 2019 16:16:18 +0100 "jdd@dodin.org" <jdd@dodin.org> wrote:
Le 28/12/2019 à 14:11, Carlos E. R. a écrit :
I shared with another gmail identity, and "he" is required to login to have access.
but he needs a google account, nextcloud use simply a local passwd (local to the shared file)
jdd
Yes, I for one refuse to have a google account.
On 28/12/2019 16.21, Dave Howorth wrote:
On Sat, 28 Dec 2019 16:16:18 +0100 "jdd@dodin.org" <jdd@dodin.org> wrote:
Le 28/12/2019 à 14:11, Carlos E. R. a écrit :
I shared with another gmail identity, and "he" is required to login to have access.
but he needs a google account, nextcloud use simply a local passwd (local to the shared file)
jdd
Yes, I for one refuse to have a google account.
It comes with the phone. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
* Carlos E. R. <robin.listas@telefonica.net> [12-28-19 15:00]:
On 28/12/2019 16.21, Dave Howorth wrote:
On Sat, 28 Dec 2019 16:16:18 +0100 "jdd@dodin.org" <jdd@dodin.org> wrote:
Le 28/12/2019 à 14:11, Carlos E. R. a écrit :
I shared with another gmail identity, and "he" is required to login to have access.
but he needs a google account, nextcloud use simply a local passwd (local to the shared file)
jdd
Yes, I for one refuse to have a google account.
It comes with the phone.
no, the phone requires a google account. But that is beside the point. Did you try using the python http server, very simple and can assign to nearly any port? You can advertise the connection url and port assignments to your intended audience and have security via obscurity and can only provide the service when you want. And you don't have to read a lengthy obfuscated manual. dummby pruf. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode
* Patrick Shanahan <paka@opensuse.org> [12-28-19 15:08]:
* Carlos E. R. <robin.listas@telefonica.net> [12-28-19 15:00]:
On 28/12/2019 16.21, Dave Howorth wrote:
On Sat, 28 Dec 2019 16:16:18 +0100 "jdd@dodin.org" <jdd@dodin.org> wrote:
Le 28/12/2019 à 14:11, Carlos E. R. a écrit :
I shared with another gmail identity, and "he" is required to login to have access.
but he needs a google account, nextcloud use simply a local passwd (local to the shared file)
jdd
Yes, I for one refuse to have a google account.
It comes with the phone.
no, the phone requires a google account. But that is beside the point.
Did you try using the python http server, very simple and can assign to nearly any port? You can advertise the connection url and port assignments to your intended audience and have security via obscurity and can only provide the service when you want. And you don't have to read a lengthy obfuscated manual. dummby pruf.
a four minute video explaining: https://www.youtube.com/watch?v=hFNZ6kdBgO0 -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode
Op zaterdag 28 december 2019 21:12:14 CET schreef Patrick Shanahan:
* Patrick Shanahan <paka@opensuse.org> [12-28-19 15:08]:
* Carlos E. R. <robin.listas@telefonica.net> [12-28-19 15:00]:
On 28/12/2019 16.21, Dave Howorth wrote:
On Sat, 28 Dec 2019 16:16:18 +0100 "jdd@dodin.org" <jdd@dodin.org> wrote:
Le 28/12/2019 à 14:11, Carlos E. R. a écrit :
I shared with another gmail identity, and "he" is required to login to have access.
but he needs a google account, nextcloud use simply a local passwd (local to the shared file)
jdd
Yes, I for one refuse to have a google account.
It comes with the phone.
no, the phone requires a google account. But that is beside the point.
Did you try using the python http server, very simple and can assign to nearly any port? You can advertise the connection url and port assignments to your intended audience and have security via obscurity and can only provide the service when you want. And you don't have to read a lengthy obfuscated manual. dummby pruf.
a four minute video explaining: https://www.youtube.com/watch?v=hFNZ6kdBgO0
Why? When you already have an apache server running?
-- Gertjan Lettink a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team
On 28/12/2019 21.14, Knurpht-openSUSE wrote:
Op zaterdag 28 december 2019 21:12:14 CET schreef Patrick Shanahan:
* Patrick Shanahan <> [12-28-19 15:08]:
* Carlos E. R. <> [12-28-19 15:00]:
On 28/12/2019 16.21, Dave Howorth wrote:
On Sat, 28 Dec 2019 16:16:18 +0100 "jdd@dodin.org" <jdd@dodin.org> wrote:
Le 28/12/2019 à 14:11, Carlos E. R. a écrit :
I shared with another gmail identity, and "he" is required to login to have access.
but he needs a google account, nextcloud use simply a local passwd (local to the shared file)
jdd
Yes, I for one refuse to have a google account.
It comes with the phone.
no, the phone requires a google account. But that is beside the point.
Did you try using the python http server, very simple and can assign to nearly any port? You can advertise the connection url and port assignments to your intended audience and have security via obscurity and can only provide the service when you want. And you don't have to read a lengthy obfuscated manual. dummby pruf.
a four minute video explaining: https://www.youtube.com/watch?v=hFNZ6kdBgO0
Why? When you already have an apache server running?
That's the question, I already have apache running. :-) Both might interfere one with the other
Also, if it is security by obscurity, I already have that with Google Photos
-- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
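Added example, not code from any poster in this thread: the Python http server suggestion with a per-recipient password check added, so access no longer depends on the port and URL staying unknown, and with the user name written to the log because every connection shows the router's address. The function names, `/srv/photos-shared`, the 192.168.1.15:8443 bind address, the certificate paths and the `alice` account are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import os
import ssl
from functools import partial
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer

PBKDF2_ROUNDS = 100_000  # assumption: raise or lower to suit the server's CPU


def hash_password(password, salt=None):
    """Return (salt, key); only this pair is kept, never the plaintext."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, key


# Record used for unknown names so they cost the same work as real ones.
DUMMY = hash_password(os.urandom(16).hex())


def check_credentials(users, header):
    """Return the user name for a valid 'Authorization: Basic' header, else None."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except ValueError:  # malformed base64 or invalid UTF-8
        return None
    name, sep, password = decoded.partition(":")
    if not sep:
        return None
    salt, expected = users.get(name, DUMMY)
    _, got = hash_password(password, salt)
    if hmac.compare_digest(got, expected) and name in users:
        return name
    return None


class AuthHandler(SimpleHTTPRequestHandler):
    """Static file handler that answers 401 until a known user authenticates."""

    auth_user = "-"

    def _authorized(self):
        user = check_credentials(self.server.users, self.headers.get("Authorization"))
        if user is None:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="photos"')
            self.send_header("Content-Length", "0")
            self.end_headers()
            return False
        self.auth_user = user
        return True

    def do_GET(self):
        if self._authorized():
            super().do_GET()

    def do_HEAD(self):
        if self._authorized():
            super().do_HEAD()

    def log_message(self, fmt, *args):
        # Behind the NAT every client address is the router's, so log the user.
        super().log_message("user=%s " + fmt, self.auth_user, *args)


def make_server(directory, users, bind="127.0.0.1", port=0, certfile=None, keyfile=None):
    """Build the server; bind it to the address the router forwards to."""
    server = ThreadingHTTPServer((bind, port), partial(AuthHandler, directory=directory))
    server.users = users
    if certfile:  # without TLS the Basic password crosses the Internet in clear
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        ctx.load_cert_chain(certfile, keyfile)
        server.socket = ctx.wrap_socket(server.socket, server_side=True)
    return server


if __name__ == "__main__":
    # Constructed values: address, port, paths and account are placeholders.
    accounts = {"alice": hash_password("constructed-sample-password")}
    make_server("/srv/photos-shared", accounts, bind="192.168.1.15", port=8443,
                certfile="/etc/ssl/example/fullchain.pem",
                keyfile="/etc/ssl/example/privkey.pem").serve_forever()
```

Bound to its own address and port, it does not touch what Apache serves to the LAN, and stopping the process withdraws the share.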
Op zaterdag 28 december 2019 22:13:13 CET schreef Carlos E. R.:
On 28/12/2019 21.14, Knurpht-openSUSE wrote:
Op zaterdag 28 december 2019 21:12:14 CET schreef Patrick Shanahan:
* Patrick Shanahan <> [12-28-19 15:08]:
* Carlos E. R. <> [12-28-19 15:00]:
On 28/12/2019 16.21, Dave Howorth wrote:
On Sat, 28 Dec 2019 16:16:18 +0100 "jdd@dodin.org" <jdd@dodin.org> wrote:
Le 28/12/2019 à 14:11, Carlos E. R. a écrit :
I shared with another gmail identity, and "he" is required to login to have access.
but he needs a google account, nextcloud use simply a local passwd (local to the shared file)
jdd
Yes, I for one refuse to have a google account.
It comes with the phone.
no, the phone requires a google account. But that is beside the point.
Did you try using the python http server, very simple and can assign to nearly any port? You can advertise the connection url and port assignments to your intended audience and have security via obscurity and can only provide the service when you want. And you don't have to read a lengthy obfuscated manual. dummby pruf.
a four minute video explaining: https://www.youtube.com/watch?v=hFNZ6kdBgO0
Why? When you already have an apache server running?
That's the question, I already have apache running. :-) Both might interfere one with the other
Of course not, each ( sub)domain has its own webroot. But you may require a FQDN to point to your home IP
-- Gertjan Lettink a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team
Op zaterdag 28 december 2019 22:13:13 CET schreef Carlos E. R.:
On 28/12/2019 21.14, Knurpht-openSUSE wrote:
Op zaterdag 28 december 2019 21:12:14 CET schreef Patrick Shanahan:
* Patrick Shanahan <> [12-28-19 15:08]:
* Carlos E. R. <> [12-28-19 15:00]:
On 28/12/2019 16.21, Dave Howorth wrote:
On Sat, 28 Dec 2019 16:16:18 +0100 "jdd@dodin.org" <jdd@dodin.org> wrote:
Le 28/12/2019 à 14:11, Carlos E. R. a écrit :
I shared with another gmail identity, and "he" is required to login to have access.
but he needs a google account, nextcloud use simply a local passwd (local to the shared file)
jdd
Yes, I for one refuse to have a google account.
It comes with the phone.
no, the phone requires a google account. But that is beside the point.
Did you try using the python http server, very simple and can assign to nearly any port? You can advertise the connection url and port assignments to your intended audience and have security via obscurity and can only provide the service when you want. And you don't have to read a lengthy obfuscated manual. dummby pruf.
a four minute video explaining: https://www.youtube.com/watch?v=hFNZ6kdBgO0
Why? When you already have an apache server running?
That's the question, I already have apache running. :-) Both might interfere one with the other
Op zaterdag 28 december 2019 22:18:34 CET schreef Knurpht-openSUSE:
Of course not, each ( sub)domain has its own webroot. But you may require a FQDN to point to your home IP
FWIW: the file I send you was originally created on my home server. The DNSs of those pointed to my external (ISP) IP, ports 80 and 443 forwarded to the server's IP. All the (sub)domains point to the same IP. Where I added each of them to the /etc/hosts file.
-- Gertjan Lettink a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team
Carlos, Sorry I am joining this thread a bit late but I have a question and perhaps an out of the box idea for you to explore...
Why are you tied to using an external router? Personally I hate those cuz they are so limiting! Why not use a dedicated OpenSuSE box with 2 or more NICs to do your routing for you? Then you have all the power of Linux to handle your routing and you can run your servers on it as well.
If you want to identify incoming requests, one idea would be to use a portknocker to open specific ports. (a different kind of password but it leaves ports closed when not in use so they cannot be found by scanners) The only thing you have to do is get your clients set up with a port knocking client (lots are available, even of smart phones) and give them a unique code to open a particular port to your Apache server. The Knockd daemon will also let you run a script if you like in addition to opening a port...
Just a couple thoughts... Marc....
On 12/28/19 1:13 PM, Carlos E. R. wrote:
On 28/12/2019 21.14, Knurpht-openSUSE wrote:
Op zaterdag 28 december 2019 21:12:14 CET schreef Patrick Shanahan:
* Patrick Shanahan <> [12-28-19 15:08]:
* Carlos E. R. <> [12-28-19 15:00]:
On 28/12/2019 16.21, Dave Howorth wrote:
On Sat, 28 Dec 2019 16:16:18 +0100 "jdd@dodin.org" <jdd@dodin.org> wrote:
Le 28/12/2019 à 14:11, Carlos E. R. a écrit :
I shared with another gmail identity, and "he" is required to login to have access.
but he needs a google account, nextcloud use simply a local passwd (local to the shared file)
jdd
Yes, I for one refuse to have a google account.
It comes with the phone.
no, the phone requires a google account. But that is beside the point.
Did you try using the python http server, very simple and can assign to nearly any port? You can advertise the connection url and port assignments to your intended audience and have security via obscurity and can only provide the service when you want. And you don't have to read a lengthy obfuscated manual. dummby pruf.
a four minute video explaining: https://www.youtube.com/watch?v=hFNZ6kdBgO0
Why? When you already have an apache server running?
That's the question, I already have apache running. :-) Both might interfere one with the other
Also, if it is security by obscurity, I already have that with Google Photos
-- --... ...-- .----. ... -.. . .-- .- --... .--. -..- .-- -- .- .-. -.-. *Computers: the final frontier. These are the voyages of the user Marc. His mission: to explore strange new hardware. To seek out new software and new applications. To boldly go where no Marc has gone before! *
On 28/12/2019 22.38, Marc Chamberlin wrote:
Carlos, Sorry I am joining this thread a bit late but I have a question and perhaps an out of the box idea for you to explore...
Why are you tied to using an external router? Personally I hate those cuz they are so limiting! Why not use a dedicated OpenSuSE box with 2 or more NICs to do your routing for you?
Out of the question, sorry, but thanks for the idea :-) The router is ISP supplied, with a complex configuration they do not publish, and which they can and do change remotely. So replicating its functionality is far from trivial - and disables warranty and support calls. It handles normal Internet, the TV and, sometimes, the phone. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On Sat, 28 Dec 2019 20:57:38 +0100 "Carlos E. R." <robin.listas@telefonica.net> wrote:
On 28/12/2019 16.21, Dave Howorth wrote:
On Sat, 28 Dec 2019 16:16:18 +0100 "jdd@dodin.org" <jdd@dodin.org> wrote:
Le 28/12/2019 à 14:11, Carlos E. R. a écrit :
I shared with another gmail identity, and "he" is required to login to have access.
but he needs a google account, nextcloud use simply a local passwd (local to the shared file)
jdd
Yes, I for one refuse to have a google account.
It comes with the phone.
Not with my phone it doesn't. How could it? What's the password?
On Sunday, 2019-12-29 at 19:14 -0000, Dave Howorth wrote:
On 28/12/2019 16.21, Dave Howorth wrote:
On Sat, 28 Dec 2019 16:16:18 +0100 "jdd@dodin.org" <jdd@dodin.org> wrote:
Le 28/12/2019 à 14:11, Carlos E. R. a écrit :
I shared with another gmail identity, and "he" is required to login to have access.
but he needs a google account, nextcloud use simply a local passwd (local to the shared file)
jdd
Yes, I for one refuse to have a google account.
It comes with the phone.
Not with my phone it doesn't. How could it? What's the password?
The shopkeeper kindly does the initial configuration of the phone, including creation of a google account if you don't have it or have forgotten the credentials. And then tells you the password and tells you to not forget (many do). That is, unless you choose an ancient phone, not a smartphone. And we do "all" want a smartphone that makes photos and sends them with wasap. No kind shopkeeper, and you have to do it yourself? Well, the phone will insist on the google account when first powered up, and refuses to continue till we comply. It will gladly create the account for us. -- Cheers, Carlos E. R. (from openSUSE 15.1 x86_64 at Telcontar)
Am Sonntag, 29. Dezember 2019, 20:51:52 CET schrieb Carlos E. R.:
Well, the phone will insist on the google account when first powered up, and refuses to continue till we comply.
No. You can skip the account creation but you won't be able to use any service or app related to Google. See: https://i.kinja-img.com/gawker-media/image/upload/jm4pjroiy89cplcnnets.jpg Regard, vinz.
On Sunday, 2019-12-29 at 21:31 +0100, Vinzenz Vietzke wrote:
Am Sonntag, 29. Dezember 2019, 20:51:52 CET schrieb Carlos E. R.:
Well, the phone will insist on the google account when first powered up, and refuses to continue till we comply.
No. You can skip the account creation but you won't be able to use any service or app related to Google.
See: https://i.kinja-img.com/gawker-media/image/upload/jm4pjroiy89cplcnnets.jpg
Well, I'm unsure all phones allow that, but anyway, I do want google apps, and I absolutely need some apps like WhatsApp or Android Auto (my car uses it). Anyway, not having a google account is "advanced usage". In most cases, anybody having an Android smartphone (which in Spain is the majority) will have a Google Account. Another large bunch will have an iphone. Most of the people I want to share these photos with have a gmail address, I think. So, not a problem. -- Cheers, Carlos E. R. (from openSUSE 15.1 x86_64 at Telcontar)
On 28/12/2019 16.16, jdd@dodin.org wrote:
Le 28/12/2019 à 14:11, Carlos E. R. a écrit :
I shared with another gmail identity, and "he" is required to login to have access.
but he needs a google account, nextcloud use simply a local passwd (local to the shared file)
The other person does have a gmail address, thus google account. That's why I was using "Google Photos", the other person should have the photos inside his Google Photos app. At least, it worked before they killed google+ -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 28/12/2019 13.48, Knurpht-openSUSE wrote:
Op zaterdag 28 december 2019 13:24:24 CET schreef Carlos E.R.:
On 28/12/2019 13.05, jdd@dodin.org wrote:
...
else apache and .htaccess...
.htaccess will not work, I don't get to know the IP of the incoming connection. All report MY router address.
Apache has a complication: I have to differentiate the internal LAN web
I don't understand. Is your server accessible from the net?
Once I open the access to it in the router, yes. At this moment, no.
I do not want people to have access to what Apache is currently serving to my LAN. I want people coming from Internet to see a different web page and not have access to the internal page, and perhaps using different settings, more secure.
The google services aren't the safest here.
I know, but they are "just there" and easy to use :-D
Even though Nextcloud may seem overkill, it does offer you what you're looking for.
I'm unfamiliar with it, so I will have to look.
And, self hosting it on some simple Leap15.1 box is easy peasy. An Rpi3 and an external disk can be enough, or an existing server ( the load of NC is pretty low ).
Sorry, what is "nc"? I do have a Leap 15.1 box available. The idea of hosting it myself I find attractive, but I know little about actually doing it. I do not want the external viewers to have access to what a web browser in my LAN sees. I want them to have a limited view with secure settings. Perhaps this means two apaches. A complication is that an outside incoming connection is seen on my server as coming from the router, ie, the LAN. This is caused by my stupid router. The Apache will never know the incoming external IP. So if you know of a howto for dummies I would appreciate it :-)
With Drive it's the same mess as with Photos. Anyone with the link can access the file(s) from the link.
No, I just tried. Right click on file, then advanced button:
Who has access: Specific people has access.
Options:
on - everybody
on - anybody with the link
off - specific people
Then each specific person can "edit, xor comment xor view"
Notice that Google broke the connection of Drive to Photos, they are now separate services. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On Sat, 28 Dec 2019 13:24:24 +0100 "Carlos E.R." <robin.listas@gmx.es> wrote:
.htaccess will not work, I don't get to know the IP of the incoming connection. All report MY router address.
The information must be there somewhere. Otherwise neither the router nor the application on the PC could tell which connection it was replying to. Suppose you want to serve one page to one connection and a different page to another connection; how could you do that?
On 28/12/2019 15.25, Dave Howorth wrote:
On Sat, 28 Dec 2019 13:24:24 +0100 "Carlos E.R." <robin.listas@gmx.es> wrote:
.htaccess will not work, I don't get to know the IP of the incoming connection. All report MY router address.
The information must be there somewhere. Otherwise neither the router nor the application on the PC could tell which connection it was replying to. Suppose you want to serve one page to one connection and a different page to another connection; how could you do that?
The router knows, just not me nor the machines in the LAN. The machine in the LAN simply responds to the router, at the port it is told to reply to. It works. At least with SSH, I have not tested http. But Anton just told of a trick: tell the router to send to a secondary (virtual) IP of the server inside the LAN. That way it will know it comes from outside and trigger a different virtual domain. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
Am 28.12.19 um 13:24 schrieb Carlos E.R.:
I'd like to share some photos and videos with few persons, but only with those persons.
Use a wordpress blog. It's setup in few minutes if you just use the standard layout, which should be enough. You can protect single posts (a photo) with a password that you then share with those you want to have access. Nobody must login nowhere, google doesn't see, analyze (and censor!!! [*]) your images, nor can't it violate the privacy of the users who look at your photos.
You can also create groups of users and publish posts that are only visible to that group. This requires login, of course. This link explains it: https://herothemes.com/blog/restricting-access-wordpress-pages-creating-memb...
You can install wordpress on your own server (from https://es.wordpress.org/ ) to grant almost perfect privacy or use a hosted version (on https://es.wordpress.com/ ) which then, of course, is subject to the host's privacy conditions
-- (Links contain publicity for me, no nudes)
[*] google's algorithms are extremely stupid. My last post on google was automatically censored by its AI (ArtificialIdiocy), it's unbelievable but true: https://daniel-bauer-fotografo.business.site/posts/6288310649208391763 the original, uncensored version: https://joinlobear.tumblr.com/post/189901296014/luckily-the-locomotive-behin...
-- Daniel Bauer photographer Basel Málaga https://www.patreon.com/danielbauer https://www.daniel-bauer.com
On 12/28/2019 06:28 AM, Daniel Bauer wrote:
the original, uncensored version: https://joinlobear.tumblr.com/post/189901296014/luckily-the-locomotive-behin...
Nice! What could be better than Trains and Girls! Here's an advertisement featuring Trains, Girls and Boots! https://www.youtube.com/watch?v=Mrk4C_W5zmc I was the location manager for the shoot at the Museum in Campo CA, it was fun. They had a still photographer and a girl with an iPhone doing the video. BTW, we don't see equipment like that around here (the train). Notice the buffers and link coupler. Regards, Lew
Le 28/12/2019 à 16:42, Lew Wolfgang a écrit :
On 12/28/2019 06:28 AM, Daniel Bauer wrote:
the original, uncensored version: https://joinlobear.tumblr.com/post/189901296014/luckily-the-locomotive-behin...
the girl look like Amy? jdd
-- http://dodin.org
Le 28/12/2019 à 13:05, jdd@dodin.org a écrit :
Le 28/12/2019 à 12:56, Carlos E. R. a écrit :
I'd like to share some photos and videos with few persons, but only with those persons.
:-)
I'm using Google Photos. With that, I can share with a person; but what google does is send him the link,
yes
but once the link is known everybody in
Internet can see the photos. Yes, it is a long and obscure link, but still... I do not feel "safe". A spider might find it, right?
no. It can only be found if the receiver also sends the link to other people. I guess you can also set a passwd and a time limit (nextcloud does, I dunno for google)
I don't find it for google, but I use it on nextcloud: https://ncloud.zaclys.com/index.php/s/2YKeMZ646QD3bxq
the link above is *not* protected by a passwd (unuseful there), but as you can see on it, the nextcloud client is very well integrated in kde, with a "share" option in context menu.
You can easily find up to 1Gb free nextcloud, for example on my provider https://www.zaclys.com/ (it's in french but you can probably guess the use)
try this, you may find one in spain https://nextcloud.com/signup/
you can as well install nextcloud on your server, but updates are a bit tedious
you can even find encrypted sessions
jdd -- http://dodin.org
On 28/12/2019 13.25, jdd@dodin.org wrote:
Le 28/12/2019 à 13:05, jdd@dodin.org a écrit :
Le 28/12/2019 à 12:56, Carlos E. R. a écrit :
I'd like to share some photos and videos with few persons, but only with those persons.
:-)
I'm using Google Photos. With that, I can share with a person; but what google does is send him the link,
yes
but once the link is known everybody in
Internet can see the photos. Yes, it is a long and obscure link, but still... I do not feel "safe". A spider might find it, right?
no. It can only be found if the receiver also sends the link to other people. I guess you can also set a passwd and a time limit (nextcloud does, I dunno for google)
I don't find it for google, but I use it on nextcloud:
https://ncloud.zaclys.com/index.php/s/2YKeMZ646QD3bxq
the link above is *not* protected by a passwd (unuseful there), but as you can see on it, the nextcloud client is very well integrated in kde, with a "share" option in context menu.
The people viewing will be using Windows or Android, perhaps iPhone.
You can easily find up to 1Gb free Nextcloud, for example on my provider
(it's in french but you can probably guess the use)
try this, you may find one in spain
Dunno... I'll have to look.
you can as well install nextcloud on your server, but updates are a bit tedious
you can even find encrypted sessions
jdd
-- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 28/12/2019 at 13:42, Carlos E. R. wrote:
The people viewing will be using Windows or Android, perhaps iPhone.
not a problem. the usefulness is on your side. you just have to right click and share (the image was made with my phone and sent immediately to the cloud)
may be a bit outdated, but Apache's own doc is very good
http://www.dodin.org/wiki/pmwiki.php?n=Doc.InstallingApache
jdd
-- http://dodin.org
On Sat, 28 Dec 2019 12:56:18 +0100 (CET) "Carlos E. R." <robin.listas@telefonica.net> wrote:
I'd like to share some photos and videos with few persons, but only with those persons.
I'm using Google Photos. With that, I can share with a person; but what google does is send him the link, but once the link is known everybody in Internet can see the photos. Yes, it is a long and obscure link, but still... I do not feel "safe". A spider might find it, right?
[snip]
Ideas? :-)
I think you're going to have to tell us more about the actual risks you're trying to guard against. I mean, you can obviously send encrypted versions of the media to these people and inform them of the keys separately. So why haven't you done that? And even if you do that, any of the recipients can post them somewhere afterwards, so you could have a leak. So what exactly are you trying to prevent?
On 28/12/2019 13.27, Dave Howorth wrote:
On Sat, 28 Dec 2019 12:56:18 +0100 (CET) "Carlos E. R." <> wrote:
...
Ideas? :-)
I think you're going to have to tell us more about the actual risks you're trying to guard against.
Ok, ask :-)
I mean, you can obviously send encrypted versions of the media to these people and inform them of the keys separately. So why haven't you done that?
Encryption is too complicated for the intended recipients. Just password login would be enough. I have just found that "Google drive" requests login, so it might be enough - this time, but still interested in doing "something" on my server.
And even if you do that, any of the recipients can post them somewhere afterwards, so you could have a leak.
That's acceptable.
So what exactly are you trying to prevent?
Just random people out there viewing them "by chance". People somehow finding out the shared link and seeing my photos.
-- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
* Carlos E. R. <robin.listas@telefonica.net> [12-28-19 06:58]:
Hi,
I'd like to share some photos and videos with few persons, but only with those persons.
I'm using Google Photos. With that, I can share with a person; but what google does is send him the link, but once the link is known everybody in Internet can see the photos. Yes, it is a long and obscure link, but still... I do not feel "safe". A spider might find it, right?
So looking at alternatives. Some other service out there? (gratis preferably)
look at: python -m SimpleHTTPServer
https://developer.mozilla.org/en-US/docs/Learn/Common_questions/set_up_a_loc...
Running a simple local HTTP server you can specify a particular port and convey that to your users, and take it down when you don't want it accessible. And it is included in python-base, which you probably had installed.
-- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode
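The one-line server suggested above hands the directory to anyone who reaches the port, while Carlos says earlier in the thread that a password login would be enough. The following is an added example, not code from the thread or from any poster: a Python 3 `http.server` handler that demands HTTP Basic credentials before serving files. The user name, password, the `/srv/photos` directory and port 8000 are assumptions, and because Basic credentials travel unencrypted it is meant to sit behind TLS (for example a reverse proxy).

```python
import base64
import hmac
from functools import partial
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer

# Constructed sample credentials (assumption): change before real use.
USERS = {"family": "correct horse battery staple"}


def check_basic_auth(header, users):
    """Return True only for a well-formed Basic header with a known user/password."""
    if not header or not header.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return False
    user, sep, password = decoded.partition(":")
    expected = users.get(user) if sep else None
    # Always run the constant-time comparison, even for unknown users.
    same = hmac.compare_digest(password.encode(), (expected or "").encode())
    return expected is not None and same


class AuthHandler(SimpleHTTPRequestHandler):
    def _authorized(self):
        if check_basic_auth(self.headers.get("Authorization"), USERS):
            return True
        # No valid credentials: ask the browser to prompt for them.
        self.send_response(401)
        self.send_header("WWW-Authenticate", 'Basic realm="photos"')
        self.send_header("Content-Length", "0")
        self.end_headers()
        return False

    def do_GET(self):
        if self._authorized():
            super().do_GET()

    def do_HEAD(self):
        if self._authorized():
            super().do_HEAD()


def make_server(directory, port=8000, bind="0.0.0.0"):
    return ThreadingHTTPServer((bind, port), partial(AuthHandler, directory=directory))


if __name__ == "__main__":
    make_server("/srv/photos").serve_forever()  # hypothetical photo directory
```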
Hi. I might have missed it in the long thread, but have you considered a simple solution like Resilio Sync? https://www.resilio.com/individuals/ The free version seems to provide what you are looking for. You approve the recipient. The downside is that both sides (you and the recipient) need to install the sync client in order to be able to host/access the files. The whole thing is built on BitTorrent and was spun off from the BitTorrent company.
On 12/28/19 3:56 AM, Carlos E. R. wrote:
Hi,
I'd like to share some photos and videos with few persons, but only with those persons.
I'm using Google Photos. With that, I can share with a person; but what google does is send him the link, but once the link is known everybody in Internet can see the photos. Yes, it is a long and obscure link, but still... I do not feel "safe". A spider might find it, right?
So looking at alternatives. Some other service out there? (gratis preferably)
Maybe Google drive, perhaps?
I might host them myself. I have a minimal Linux server accessible from Internet. Now, what software, just Apache? Maybe too much work, maybe there is already something out there for the job.
Apache has a complication: I have to differentiate the internal LAN web from Internet web. And I think it has to be based on the port. Why do I say that? Look, how ssh from internet is seen on that machine:
<4.6> 2019-12-28T12:39:27.676655+01:00 Isengard sshd 7941 - - Accepted publickey for cer from 192.168.1.1 port ... ssh2: RSA SHA256:...
All outside connections seem to come from the router. I never know the IP they come from (not even in the router log).
Ideas? :-)
-- Cheers
Carlos E. R. (from 15.1 x86_64 at Telcontar)
On 28/12/2019 23.18, Payam Firouztala wrote:
Hi. I might have missed it in the long thread, but have you considered a simple solution like Resilio Sync? https://www.resilio.com/individuals/ The free version seems to provide what you are looking for. You approve the recipient. The downside is that both sides (you and the recipient) need to install the sync client in order to be able to host/access the files. The whole thing is built on BitTorrent and was spun off from the BitTorrent company.
Thanks, but that is too complex for some of the intended recipients.
-- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)
participants (13)
- Anton Aylward
- Carlos E. R.
- Carlos E.R.
- Daniel Bauer
- Dave Howorth
- David T-G
- jdd@dodin.org
- Knurpht-openSUSE
- Lew Wolfgang
- Marc Chamberlin
- Patrick Shanahan
- Payam Firouztala
- Vinzenz Vietzke